1. Field of the Invention
In general, the present invention relates to a method of transferring a file through a network. More particularly, the present invention relates to a system and a program that are used for accessing a file stored in a protected server computer from any computer connected to a wide area network.
2. Detailed Description of Related Art
Recently, due to the popularity of technologies such as the WWW (World Wide Web), information stored in a server computer can be transferred to any place and used there.
In addition, due to the popularity of wireless/mobile communication means such as mobile phones, of mobile apparatuses such as the PDA (Personal Digital Assistant), and of small notebook personal computers, it is possible to establish a connection to a server computer of a desired network regardless of the place at which the connection is established.
Because of the capabilities described above, there is a rising demand for a capability of storing a personal file or other information used in the user's own work in the server computer, and a capability of transferring that file or information from the server computer to a place desired by the user for use there. Given such capabilities, however, it is also necessary to prevent illegal access to the server computer by an unauthorized user or by a program with malicious purposes.
With the conventional technology, if it is desired to store a personal file or other information used in the user's own work in the server computer and to transfer that file or information from the server computer to a place desired by the user for use there, there are three methods of preventing illegal access to the server computer by a malicious user or by a program with illegal purposes. Each of the methods is explained by referring to FIG. 20. The file that the user wants to transfer is a file 350 shown in FIG. 20.
First, the first method is explained. This method is used by the user for transferring the file 350 from a server computer 302 to a mobile apparatus 303 carried by the user.
Concretely, first, the user operates the mobile apparatus 303 to establish a communication with the server computer 302 through a network 301. The server computer 302 is capable of verifying that the user is a user having a right to use the file 350. The operation carried out by the user on the mobile apparatus 303 is normally called a sign-on or login operation or an operation with another name and generally requires a password.
After the sign-on operation is carried out, the server computer 302 transfers the file 350 to the mobile apparatus 303. When the mobile apparatus 303 receives the transferred file 350, the user is capable of using the file 350 through an input unit 311 and an output unit 312, which are employed in the mobile apparatus 303.
The second method is used by the user to carry out a sign-on operation in order to use a file from a client computer 304 placed at a location close to the present location of the user. More concretely, the client computer 304 is typically a computer installed at a public location. The user operates the client computer 304 to establish a communication with the server computer 302 through the network 301 in order to carry out a sign-on operation.
After the sign-on operation is completed, the server computer 302 transfers the file 350 to the client computer 304. When the client computer 304 receives the transferred file 350, the user is capable of using the file 350 through the input unit 321 and the output unit 322.
The third method is used by the user for transferring the file 350 to a mobile apparatus 303 carried by the user and then further transferring the file 350 from the mobile apparatus 303 to a client computer 304 placed at a location close to the present location of the user.
More concretely, the user operates the mobile apparatus 303 to establish a communication with the server computer 302 through the network 301 in order to carry out a sign-on operation.
After the sign-on operation is completed, the server computer 302 transfers the file 350 to the mobile apparatus 303. When the mobile apparatus 303 receives the transferred file 350, the user transfers the file 350 from the mobile apparatus 303 to the client computer 304. Then, the user utilizes the file 350 through the input unit 321 and the output unit 322, which are provided on the client computer 304.
In addition, U.S. Pat. No. 5,668,876 discloses another system for rendering information services and the like by using a server for users of remote terminals. A pager system is used for authenticating the user and for transmitting information for notifying the user of a response code used for receiving a service.
However, the conventional methods described above have the following problems.
First, with the first method described above, only the input unit 311 and the output unit 312 can be used to utilize a file. In general, the sizes of the input unit 311 and the output unit 312, which are provided on the mobile apparatus 303, are small in comparison with a stationary computer's input unit and output unit respectively. An example of the stationary computer is the so-called desktop computer. The input unit in a stationary computer includes a keyboard and a mouse whereas the output unit thereof includes a display unit. In addition, for the mobile apparatus 303, there are limitations on the input method and the area of the display screen. For these reasons, it is difficult to operate the file in a comfortable manner by using the input unit 311 and the output unit 312.
In addition, in the case of the second method, the user must enter information (such as a password) required for a sign-on operation into the client computer 304 in order to complete the sign-on operation. Thus, if the client computer 304 happens to execute a malicious program, the program may capture both the information entered by the user for the sign-on operation and the information required for transferring the file 350 from the server computer 302 to the client computer 304 after the sign-on operation. The latter information is referred to as credentials, which are stored in a storage unit in the client computer 304 at completion of the sign-on operation. As a result, it is feared that an illegal access to the client computer 304 is made while the user is using the client computer 304 or after the user has used it. An illegal access includes the following two cases.
First, one or more files other than the file 350 may be stolen from the server computer 302, or one or more files including the file 350 may be falsified. By using the information entered by the user into the client computer 304 or the credentials stored in a storage unit in the client computer 304 at completion of the sign-on operation, a malicious user or a malicious program is capable of fully impersonating the authorized user and thus of transferring all files from the server computer 302, deleting the files and rewriting them. These illegal operations are each generally referred to as a break-in operation.
Second, it is quite possible that an illegal access is made during or after use of the client computer 304 so that a sign-on operation can no longer be carried out. Normally, if a plurality of consecutive sign-on operations carried out by the same user all end in failure, the server computer 302 in many cases executes a function to disable subsequent sign-on operations by that user. By using the information entered by the user into the client computer 304, the malicious user or the malicious program is capable of deliberately carrying out, a plurality of times in succession, sign-on operations that each end in failure. Thus, even when the user later carries out a sign-on operation correctly, the sign-on operation has already been disabled by the server computer 302. The inability to carry out a sign-on operation is normally referred to as a denial of service attack.
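The lockout behaviour described above, modelled from the side of the server computer 302 as an added example that is not part of the original document. The threshold of three failures, the class and function names, and the sample account are assumptions made for illustration. Because the disabled flag is checked before the password, the final correct sign-on is refused.

```python
import hashlib
import hmac
import os

MAX_CONSECUTIVE_FAILURES = 3  # assumed threshold; the document gives no number


class SignOnServer:
    """Toy model of the sign-on check of server computer 302, with lockout."""

    def __init__(self):
        self._users = {}  # user_id -> [salt, password_hash, failures, disabled]

    def register(self, user_id, password):
        salt = os.urandom(16)
        self._users[user_id] = [salt, self._hash(salt, password), 0, False]

    @staticmethod
    def _hash(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def sign_on(self, user_id, password):
        """Return 'ok', 'failed' or 'disabled' for one sign-on operation."""
        rec = self._users.get(user_id)
        if rec is None:
            return "failed"
        salt, stored, failures, disabled = rec
        if disabled:
            return "disabled"  # refused before the password is even checked
        if hmac.compare_digest(stored, self._hash(salt, password)):
            rec[2] = 0  # a success resets the consecutive-failure count
            return "ok"
        rec[2] = failures + 1
        if rec[2] >= MAX_CONSECUTIVE_FAILURES:
            rec[3] = True  # disable all subsequent sign-ons for this user
        return "failed"


def lockout_scenario():
    """Constructed run: one good sign-on, three bad ones, then a good one."""
    server = SignOnServer()
    server.register("alice", "correct-password")  # constructed sample account
    results = [server.sign_on("alice", "correct-password")]
    results += [server.sign_on("alice", f"wrong-{i}") for i in range(3)]
    results.append(server.sign_on("alice", "correct-password"))
    return results


if __name__ == "__main__":
    print(lockout_scenario())
```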
In addition, the client computer 304 is generally a computer open to the public. Thus, a malicious user can execute a malicious program on the client computer 304 with ease in such a way that the user is not aware of the malicious program execution.
Also, where the system configuration disclosed in U.S. Pat. No. 5,668,876 cited above is applied to accessing a file from a remote terminal, there is a problem in that it is quite possible for a response code transmitted to the remote terminal for the access to be captured from the remote terminal by a malicious user and abused later.
Furthermore, as for the problem with the third method described above, data is transferred from the server computer 302 to the mobile apparatus 303 generally by using a radio/mobile communication technique, which has a low data transmission speed and incurs a high cost for a transfer of data in comparison with a wired/fixed communication technique. Thus, if the size of a file to be transferred is large, the transfer takes a long time and incurs a high cost.